Rijnbout.Validators 2.0.0

Validators to validate and cleanup values in a secure way.

Install-Package Rijnbout.Validators -Version 2.0.0
dotnet add package Rijnbout.Validators --version 2.0.0
<PackageReference Include="Rijnbout.Validators" Version="2.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Rijnbout.Validators --version 2.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

The validators project is meant to supply functionality to easily validate (user) input to prevent insertion of potentially harmful content without restricting user input too much. Many sites are vulnerable for XSS or injection attacks (see OWASP top 10). By using whitelisting for all your user input it is easy to prevent most injection issues. Using too restricted whitelists can however prevent users from inputting the data they want. If a user cannot input his or her name because it contains some characters not in the whitelist, you don't have a proper balance between security and user friendliness. This project is meant to help maintain the proper balance. Good security without annoying users bij restricting input too much.

Available Validators

In the current version the following validators are available:

  1. TextValidator
  2. ExtendedTextValidator
  3. MultiLineTextValidator
  4. NameValidator
  5. TelephoneNumberValidator
  6. EmailAddressValidator

TextValidator

Provides validation functions for basic (letters only) text input. With this validator you can check if your input consists of only Unicode letters. You can set if spaces are allowed (default spaces are not allowed).

ExtendedTextValidator

Provides validation functions for extended (letters and numbers) text input. With this validator you can check if your input consists of only letters, digits _ and -. You can set if spaces are allowed (default spaces are allowed).

MultiLineTextValidator

Provides validation functions for multi-line text input. With this validator allows letters, digits, line breaks, quotes, punctuation, url's and email adresses.

NameValidator

Provides validation functions for human names, only characters normally used in human names are allowed (whitelisted) when validating using this validator. You can set if single quotes are allowed in names (for names like O'Reilly).

TelephoneNumberValidator

Provides validation functions for telephone numbers, only digits, spaces, +, -, ( and ) are allowed (whitelisted) when validating using this validator.

EmailAddressValidator

Provides validation functions for email addresses. You can set wether only basic latin is allowed or also other alphabets.

Creation

Simply create an instance of the right class and reuse it for all calls within your preferred scope. The constructor allows you to set the available options for all validation actions performed by the created instance. You can create validation instances for a single page or for your entire application.

bool allowSingleQuotes = false;
var validator = new NameValidator(allowSingleQuotes);

Using Dependency Injection Containers

If you use an IoC or Dependency Injection Container (like AutoFac) you can create your validator instances and then registering them for further use in your entire application. This way you can define the options for your validators at one point and reuse validators with those options throughout your application.

var builder = new ContainerBuilder();
var nameValidator = new NameValidator(false);
builder.RegisterInstance(nameValidator).As<NameValidator>();

Usage

All validators have the following 2 methods:

  1. IsValid(string value) => bool
  2. RemoveInvalidCharacters(string value) => string

A basic implementation would be the following.

if (!validator.IsValid(inputValue))
{
    // Do something if input is invalid
}

You could also just remove the invalid input, make sure you communicate to the user that the input is invalid and why it is invalid.

if (!validator.IsValid(inputValue))
{
    inputValue = validator.RemoveInvalidCharacters(inputValue);

    // Return a validation message
}

The validators project is meant to supply functionality to easily validate (user) input to prevent insertion of potentially harmful content without restricting user input too much. Many sites are vulnerable for XSS or injection attacks (see OWASP top 10). By using whitelisting for all your user input it is easy to prevent most injection issues. Using too restricted whitelists can however prevent users from inputting the data they want. If a user cannot input his or her name because it contains some characters not in the whitelist, you don't have a proper balance between security and user friendliness. This project is meant to help maintain the proper balance. Good security without annoying users bij restricting input too much.

Available Validators

In the current version the following validators are available:

  1. TextValidator
  2. ExtendedTextValidator
  3. MultiLineTextValidator
  4. NameValidator
  5. TelephoneNumberValidator
  6. EmailAddressValidator

TextValidator

Provides validation functions for basic (letters only) text input. With this validator you can check if your input consists of only Unicode letters. You can set if spaces are allowed (default spaces are not allowed).

ExtendedTextValidator

Provides validation functions for extended (letters and numbers) text input. With this validator you can check if your input consists of only letters, digits _ and -. You can set if spaces are allowed (default spaces are allowed).

MultiLineTextValidator

Provides validation functions for multi-line text input. With this validator allows letters, digits, line breaks, quotes, punctuation, url's and email adresses.

NameValidator

Provides validation functions for human names, only characters normally used in human names are allowed (whitelisted) when validating using this validator. You can set if single quotes are allowed in names (for names like O'Reilly).

TelephoneNumberValidator

Provides validation functions for telephone numbers, only digits, spaces, +, -, ( and ) are allowed (whitelisted) when validating using this validator.

EmailAddressValidator

Provides validation functions for email addresses. You can set wether only basic latin is allowed or also other alphabets.

Creation

Simply create an instance of the right class and reuse it for all calls within your preferred scope. The constructor allows you to set the available options for all validation actions performed by the created instance. You can create validation instances for a single page or for your entire application.

bool allowSingleQuotes = false;
var validator = new NameValidator(allowSingleQuotes);

Using Dependency Injection Containers

If you use an IoC or Dependency Injection Container (like AutoFac) you can create your validator instances and then registering them for further use in your entire application. This way you can define the options for your validators at one point and reuse validators with those options throughout your application.

var builder = new ContainerBuilder();
var nameValidator = new NameValidator(false);
builder.RegisterInstance(nameValidator).As<NameValidator>();

Usage

All validators have the following 2 methods:

  1. IsValid(string value) => bool
  2. RemoveInvalidCharacters(string value) => string

A basic implementation would be the following.

if (!validator.IsValid(inputValue))
{
    // Do something if input is invalid
}

You could also just remove the invalid input, make sure you communicate to the user that the input is invalid and why it is invalid.

if (!validator.IsValid(inputValue))
{
    inputValue = validator.RemoveInvalidCharacters(inputValue);

    // Return a validation message
}

Release Notes

Added Telephone Number validator
   Added Email Address validator
   Allow extra characters for MultiLine Text validator (currency symbols and hashtag)
   Fix documentation typo

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
2.0.0 318 1/3/2018
1.1.0 553 10/22/2017
1.0.0 386 8/19/2017
0.1.2 289 7/1/2017
0.1.2-alpha 269 7/1/2017
0.1.1 244 7/1/2017
0.1.0 242 6/28/2017